Facebook: the craze du jour

The $50 billion valuation triggered by Goldman Sachs’s investment in Facebook has created another feeding frenzy. The Guardian has a nice piece by Jemima Kiss which manages to steer clear of most of the hype. Meanwhile, here are two charts which may help to put things in perspective.

The first shows the way valuations of Facebook have fluctuated over time.

The second — more sobering — chart shows revenue per user for different online services.

Eh?

I know nothing about football, but somehow I think that this headline doesn’t capture what Chelsea meant. Normally, if someone is said to be “going nowhere”, that means he’s destined to be sidelined or fired.

Pedantic, I know, but…

Messenger refuses to be shot

Heart-warming story in The Register.

Computer scientists from Cambridge University have rebuffed attempts by a banking association to persuade them to take down a thesis covering the shortcomings of Chip-and-PIN as a payment verification method.

Omar Choudary’s masters thesis contains too much information about how it might be possible to fool a retailing terminal into thinking a PIN authorising a purchase had been entered, as far as the bankers are concerned. Noted cryptographer and banking security expert Professor Ross Anderson gives short shrift to the argument that publishing the research exceeds the bounds of responsible disclosure, politely but firmly telling the UK Cards Association that the research was already in the public domain and that Choudary’s work would stay online.

Anderson is one of Choudary’s supervisors in the latter’s research…

Ross Anderson is one of the most imperturbable guys I know, and his response to the bankers’ impertinence is right in character. It reads:

The bankers’ trade association has written to Cambridge University asking for the MPhil thesis of one of our research students, Omar Choudary, to be taken offline. They complain it contains too much detail of our No-PIN attack on Chip-and-PIN and thus “breaches the boundary of responsible disclosure”; they also complain about Omar’s post on the subject to this blog.

Needless to say, we’re not very impressed by this, and I made this clear in my response to the bankers. (I am embarrassed to see I accidentally left Mike Bond off the list of authors of the No-PIN vulnerability. Sorry, Mike!) There is one piece of Christmas cheer, though: the No-PIN attack no longer works against Barclays’ cards at a Barclays merchant. So at least they’ve started to fix the bug – even if it’s taken them a year. We’ll check and report on other banks later.

The bankers also fret that “future research, which may potentially be more damaging, may also be published in this level of detail”. Indeed. Omar is one of my coauthors on a new Chip-and-PIN paper that’s been accepted for Financial Cryptography 2011. So here is our Christmas present to the bankers: it means you all have to come to this conference to hear what we have to say!

This highlights an issue that also came up with WikiLeaks. The US government used a system for holding its confidential communications that was intrinsically insecure (a unified database with something like two million officials authorised to use it). When its insecurity is finally revealed by Bradley Manning (and then WikiLeaks), the response is to rage against the breach whereas the rational thing to do is to rethink the security architecture. Governments are entitled to keep some secrets. But if those secrets are important, then they ought to be seriously protected, not put at risk in such a clueless way. So exposure fulfils a vital function, however annoying it may be at the time.

One wonders, though, if anyone in the UK Cabinet Office is paying attention to all this. As far as I know, the Coalition is still committed to the computerisation of NHS medical records embarked upon by New Labour. This means that the UK is constructing the same kind of intrinsically insecure system as the one breached by WikiLeaks. If the NHS system is built, the UK will have a centralised database of highly confidential documents — the medical records of every citizen — to which upwards of 100,000 people of different organisational grades will have routine rights of access. Imagine the fuss there will be when the News of the World pays some bent geek to access the medical records of Cabinet ministers, celebrities and the like.

The only way to keep systems secure is what Ross calls compartmentation. In a way, that’s what the US government abandoned in the aftermath of 9/11 as it struggled to respond to the damaging discovery that its intelligence agencies had failed to “join up the dots”. The system that Bradley Manning accessed and WikiLeaks published was the government’s response to the criticisms.
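The compartmentation point, as an added illustration rather than anything from the post or from Anderson's group: a toy model of the flat "unified database" policy beside a compartmented, need-to-know one, with a per-record exposure count (how many principals can reach a record, i.e. the blast radius of one bent insider) and an audit-logged access check. All staff names, compartments and record ids are constructed placeholders.

```python
from dataclasses import dataclass
from functools import partial
# Constructed sample: compartment names, staff names and record ids below are
# placeholders invented for this example, not anything from the post.

@dataclass(frozen=True)
class Record:
    record_id: str
    compartment: str          # the unit or care team the record belongs to

@dataclass(frozen=True)
class Principal:
    name: str
    clearances: frozenset     # compartments this person may read

def unified_policy(authorised, p, r):
    """Flat model: every authorised user may read every record."""
    return p.name in authorised

def compartmented_policy(p, r):
    """Need-to-know: the record's compartment must be among the reader's clearances."""
    return r.compartment in p.clearances

def read_record(p, r, policy, log):
    """Apply the policy and log the attempt either way; denials are what to review."""
    allowed = policy(p, r)
    log.append((p.name, r.record_id, "ALLOW" if allowed else "DENY"))
    return allowed

def exposure(records, principals, policy):
    """Blast radius: for each record, how many principals can reach it under `policy`."""
    return {r.record_id: sum(1 for p in principals if policy(p, r)) for r in records}

def sample():
    principals = [
        Principal("alice", frozenset({"ward-a"})),
        Principal("bob", frozenset({"ward-a", "ward-b"})),
        Principal("carol", frozenset({"ward-b"})),
        Principal("dave", frozenset({"billing"})),   # admin role, no clinical compartments
    ]
    records = [Record("rec-1", "ward-a"), Record("rec-2", "ward-b"), Record("rec-3", "ward-c")]
    return principals, records

def compare():
    """Exposure of each record under the flat model versus the compartmented one."""
    principals, records = sample()
    everyone = frozenset(p.name for p in principals)
    flat = exposure(records, principals, partial(unified_policy, everyone))
    return flat, exposure(records, principals, compartmented_policy)
```

Under the flat policy every record is reachable by all four principals; under the compartmented one each clinical record is reachable only by the two people cleared for its ward, and a record in a compartment nobody holds is reachable by no one.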

But at least governments have some options available to them; they can change — or abandon — their systems. If the Coalition is wise, it will rethink the NHS database. Banks, however, don’t have as many options because they are caught in a special trap. On the one hand, customers can’t be persuaded to use online systems unless the banks swear blind that they are 100% secure. But no system can be that secure and so banks have to perpetuate the illusion of such security — which is the worst scenario of all because that encourages people to trust everything to it.

The only rational attitude to online systems is cautious scepticism about their security. By constantly reminding us of the vulnerabilities in these systems, Ross and his group are performing a valuable public service, even if the bankers don’t like it.

UPDATE: Excellent piece in the Guardian which includes this:

In view of the UKCA’s letter, Anderson has authorised Choudary’s thesis to be published as a Computer Laboratory technical report.

“This will make it easier for people to find and cite, and will ensure that its presence on our website is permanent,” his reply to the UKCA states.

“It is outrageous that the banking industry should try to censor a student’s thesis even though it was lawful and already in the public domain,” Anderson told the Guardian.

“It was particularly surprising for its chair, Melanie Johnson, to make this request; as a former MP she must be aware of the Human Rights Act, and as a former Cambridge graduate student she should have a better understanding of this university’s culture.

“Her intervention was completely counterproductive for the banks who employ her: Omar’s thesis will now be read by thousands of people who would otherwise not have heard of it,” he said.

Aids for the bourgeoisie?

Er, seen in Waitrose! Yes, Waitrose, purveyors of Prince Charles’s own organic produce to the middle classes. Perhaps it’s to offset bourgeois droop, as the effects of too much Chateau Lynch-Bages are doubtless known.

Also explains why Lloyd George was known as an “old goat”.

The ultimate dumbing-down tool: the unlinkable App

Steven Johnson has adapted his speech to the Web 2.0 Summit and turned it into an OpEd piece on FT.com. It’s basically a follow-on from his excellent Hearst Lecture, which is also about the dangers of the unlinkable App. Sample:

Of course, the overwhelming majority of apps do not contain much information that would benefit from being linked to other things on the internet. If we do not figure out a way to link directly to one level of the Angry Birds game, we will probably survive as a culture. But the danger lies in a region of the digital information landscape barely mentioned by Mr Anderson: books. Where links abound, a rich ecosystem of commentary, archiving, social sharing and scholarship usually develops because links make it far easier to build on and connect ideas from around the web. But right now, books exist outside this universe. There is no standardised way to link to a page of a digital book.

Books contain the most carefully crafted and edited text that we have – truly the richest source of information in the world – and yet all that information remains unlinkable. Google works as well as it does because people find interesting information on the web and link to it; Google then prioritises pages that attract a disproportionate number of inbound links. But if you find a fascinating passage in a novel or a book of history, there is no standardised way to link to it, which means that the rest of the web cannot benefit from your discovery.

Fortunately, a solution to this problem exists, one that merely involves a commitment to use technology that already exists. Call it the mirror web. If you create digital information in any form, make a parallel version of that information that lives on the web. A magazine publisher creating an iPad app should ensure that each article has clear links to a mirror version of each article on the web. Then, if anyone wants to cite, tweet, blog or e-mail a reference to that article, it is always one tap away. The web version can be behind a pay wall or some other kind of barrier if the publisher chooses; what matters is that there is an address you can point to.

What much of the discussion about Chris Anderson’s “death of the Web” meme overlooks is the long-term implication of a publishing ecosystem dominated by unlinkable apps — namely the dumbing down of our culture. The wonderful thing about the open, hyperlinked Web is that its openness enables it to be greater than the sum of its parts. The unrestricted sharing of information and ideas endows it with an invaluable emergent property: that of collective intelligence. (And yes, I know about Jaron Lanier’s stuff about the dangers of the “hive mind”, “digital Maoism”, etc.) But the fact is that the reason humankind has become as accomplished as it has is that we found ways of sharing good ideas. The irony about the Apps-mania now gripping the publishing world is that, in an era when we were presented (courtesy of Tim Berners-Lee) with the most efficient method yet developed for sharing ideas, they want to cut off — or at least regulate — the rate at which ideas flow.

Apps are wonderful in their way; but they can be tools for dumbing us down.

UPDATE: To which Bill Thompson (whom God Preserve) adds a comment:

“Steven (and you) both make good points, and it is indeed the case that ‘in an era when we were presented (courtesy of Tim Berners-Lee) with the most efficient method yet developed for sharing ideas, [publishers] want to cut off — or at least regulate — the rate at which ideas flow’ – but why are we surprised? Publishers were the bottleneck in the flow of ideas for 300 years – the abundance of the digital age has removed their control, and they want it back. The App and the ebook are the digital equivalent of a licence to operate a printing press.”

The real reason why Amazon cut off WikiLeaks

Dave Winer thinks he knows. And my guess is that he’s right.

Here’s how he tells it.

Today I got a promotional email from Kay Kinton, Senior Public Relations Manager for Amazon Web Services, entitled “Amazon Web Services Year in Review.” It contained a paragraph, quoted below, that explains how their government business grew in 2010.

“Government adoption of AWS [Amazon Web Services] grew significantly in 2010. The Recovery Accountability and Transparency Board became the first government-wide agency to migrate to a cloud-based environment when it moved Recovery.gov to AWS in March 2010. Today we have nearly 20 government agencies leveraging AWS, and the U.S. federal government continues to be one of our fastest growing customer segments. The U.S. General Services Administration awarded AWS the ability to provide government agencies with cloud services through the government's cloud storefront, Apps.gov. Additional AWS customers include Treasury.gov, the Federal Register 2.0 at the National Archives, the openEI.org project at DoE’s National Renewable Energy Lab, the Supplemental Nutrition Assistance Program at USDA, and the Jet Propulsion Laboratory at NASA. The current AWS compliance framework covers FISMA, PCI DSS Level 1, ISO 27001, SAS70 type II, and HIPAA, and we continue to seek certifications and accreditations that make it easier for government agencies to benefit from AWS. To learn more about how AWS works with the federal government, visit: http://aws.amazon.com/federal/.”

Dave writes that “It makes perfect sense that the US government is a big customer of Amazon’s web services. It also makes perfect sense that Amazon wouldn’t want to do anything to jeopardize that business. There might not have even been a phone call, it might not have been necessary.”

This strikes me as being spot on. Amazon’s original reasons for dropping WikiLeaks always seemed feeble — and indeed unlikely to stand up in court. But the company’s decision has been useful in drawing attention to the underlying issue. Political discourse is increasingly conducted via cloud services like Amazon’s. That means that it’s moved into a space that is essentially private. As someone observed at the beginning of the WikiLeaks affair, it’s as if our political discourse had moved from the parks and streets and into shopping malls. And that means that important aspects of free speech will henceforth exist at the mercy of corporate whim. This is bad news for democracy.

Quote of the day

Homo proponit, sed Deus disponit.

Translation: Whatever you may dream, fate has other plans in store.

Thomas à Kempis, quoted by Simon Winchester in the New York Times.